It’s the normal Fedora.
I vaguely mentioned two installations, my regular desktop and a virtual machine. Both run Fedora 29. I installed the desktop some years ago; probably SElinux was enabled but then I disabled it to make my life easier.
However, my main test is on a Fedora virtual machine I’ve built myself using mkosi. Here SElinux is not enabled by default. From now on I’ll use this machine to discuss this issue.
My current config file (note: default was
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
Perhaps this is more interesting:
# grep -i selinux /boot/config-4.20.15-200.fc29.x86_64
CONFIG_SECURITY_SELINUX_DISABLE=y should mean that it’s not enabled by default, right?